Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv681 Modified Files: fc6 fc7 Log Message: Add CVE-2007-4131 - tar directory traversal. Update status of resolved issues. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.242 retrieving revision 1.243 diff -u -r1.242 -r1.243 --- fc6 20 Aug 2007 16:01:57 -0000 1.242 +++ fc6 21 Aug 2007 08:39:05 -0000 1.243 @@ -15,6 +15,7 @@ CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664] +CVE-2007-4131 VULNERABLE (tar) #253684 CVE-2007-4029 VULNERABLE (libvorbis) #250600 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614] CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.75 retrieving revision 1.76 diff -u -r1.75 -r1.76 --- fc7 20 Aug 2007 16:01:57 -0000 1.75 +++ fc7 21 Aug 2007 08:39:05 -0000 1.76 @@ -14,12 +14,12 @@ CVE-2007-4400 VULNERABLE (konversation) #253545 CVE-2007-4357 ignore (firefox) status bar can be overwrittten CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589] -CVE-2007-4321 VULNERABLE (fail2ban) #252290 +CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643 CVE-2007-4255 ignore (php) msql extension not shipped CVE-2007-4251 ignore (openoffice.org) just a crash CVE-2007-4229 ignore (kdebase) just an ASSERT fail -CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped -CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity +CVE-2007-4225 backport (kdebase) [since FEDORA-2007-1700] +CVE-2007-4224 backport (kdebase) [since FEDORA-2007-1700] CVE-2007-4211 version (dovecot, 1.0.3) #251008 [since FEDORA-2007-1485] CVE-2007-4174 version (tor, fixed 0.1.2.16) [since FEDORA-2007-1674] GENERIC-MAP-NOMATCH version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] @@ -27,10 +27,11 @@ CVE-2007-4153 ignore (wordpress) "remote authenticated administrators" CVE-2007-4154 ignore (wordpress) "remote authenticated administrators" CVE-2007-4139 VULNERABLE (wordpress) #250751 +CVE-2007-4131 VULNERABLE (tar) #253684 CVE-2007-4029 VULNERABLE (libvorbis) #245991 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib -CVE-2007-3852 VULNERABLE (sysstat) #252295 +CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697] CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] @@ -40,7 +41,7 @@ CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update" CVE-2007-3843 VULNERABLE (kernel) #246595 CVE-2007-3841 ignore (pidgin) ethically disclosed -CVE-2007-3820 ** (kdebase) #248537 +CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700] CVE-2007-3799 ** (php) CVE-2007-3781 ** (mysql) CVE-2007-3782 ** (mysql) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits